package com.ruoyi.table.config;


import org.springframework.beans.factory.annotation.Configurable;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.BeanIds;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.stereotype.Component;

import javax.xml.ws.WebServiceException;

/**
 * @author 韩国伟
 * @version 1.0
 * @description: 工具类
 * @date 2023/2/24 10:42
 */
//@Component
//@Configurable
//@EnableWebSecurity

@Configuration
//@EnableWebSecurity
//@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

//    @Bean   WebSecurityConfigurerAdapter
//    public BCryptPasswordEncoder intoBCrypt(){
//        return new BCryptPasswordEncoder();
//    }
//
//    @Bean(name = BeanIds.AUTHENTICATION_MANAGER)
//    @Override
//    public AuthenticationManager authenticationManagerBean() throws Exception {
//        return super.authenticationManagerBean();
//    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                //关闭csrf
                .csrf().disable()
                //不通过Session获取
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and()
                .authorizeRequests()
                //可以访问的接口
                .antMatchers("/fam/login","/audit/list","/audit/pass","/audit/reject","/audit/middle").anonymous()
                //其他接口都需要认证
                .anyRequest().authenticated();
    }
}
